Scripting language processing engine in data leak prevention application
First Claim
1. A computer implemented method of preventing leakage of security sensitive documents from an organization involving categorizing documents by classifying the documents according to a security sensitivity of the documents, comprising:
- providing a data leak prevention application that categorizes documents by data type in order to prevent leakage of sensitive documents from an organization, a data type being a classification of a document based on what data the document contains, the data type also reflecting an extent to which leakage of the document out of the organization would harm the organization due to what data the document contains;
embedding a scripting language processing engine into the data leak prevention application, the scripting language processing engine forming part of the application as hard code and utilizing a high level programming language;
configuring interaction between the scripting language processing engine and the data leak prevention application, the configuring including modifying existing code or adding new code;
activating relevant code portions of the scripting language processing engine to detect new data types, including setting criteria for when the relevant code portions of the scripting language processing engine activate; and
using the data leak prevention application containing the embedded scripting language processing engine to perform an action to prevent data leakage of the document out of the organization based on new and existing data types.
1 Assignment
0 Petitions
Accused Products
Abstract
A data leak prevention application that categorizes documents by data type is provided, a data type being a sensitivity classification of a document based on what data the document contains. A scripting language processing engine is embedded into the data leak prevention application, the scripting language forming part of the application as hard code. A user configures interaction of the scripting language processing engine with the application. The configuring may include modifying or adding code or setting criteria for when code portions of the scripting language processing engine activates. The scripting language processing engine is activated to enhance an accuracy of an existing data type or so as to detect a new data type. Upon enhancing the accuracy of the data type, documents may be re-categorized.
-
Citations
18 Claims
-
1. A computer implemented method of preventing leakage of security sensitive documents from an organization involving categorizing documents by classifying the documents according to a security sensitivity of the documents, comprising:
-
providing a data leak prevention application that categorizes documents by data type in order to prevent leakage of sensitive documents from an organization, a data type being a classification of a document based on what data the document contains, the data type also reflecting an extent to which leakage of the document out of the organization would harm the organization due to what data the document contains; embedding a scripting language processing engine into the data leak prevention application, the scripting language processing engine forming part of the application as hard code and utilizing a high level programming language; configuring interaction between the scripting language processing engine and the data leak prevention application, the configuring including modifying existing code or adding new code; activating relevant code portions of the scripting language processing engine to detect new data types, including setting criteria for when the relevant code portions of the scripting language processing engine activate; and using the data leak prevention application containing the embedded scripting language processing engine to perform an action to prevent data leakage of the document out of the organization based on new and existing data types. - View Dependent Claims (2, 3)
-
-
4. A computer implemented method of preventing leakage of security sensitive documents from an organization by classifying the documents according to a sensitivity of the documents, comprising:
-
embedding a scripting language processing engine into a data leak prevention application, the scripting language processing engine forming part of the application, interaction of the scripting language processing engine with the data leak prevention application being configurable by a user; setting criteria for when relevant code portions of the scripting language processing engine activate so as to validate that a particular document is of a particular existing data type or so as to detect that the particular document fits a particular new data type; activating relevant code portions of the scripting language to either validate an existing data type or to detect a new data type, a data type being a classification of a document containing data based on a sensitivity of the document and based on a type of data the document contains, the sensitivity of the document reflecting an extent to which leakage of the document out of the organization would harm the organization; and using the data leak prevention application containing the embedded scripting language processing engine to perform an action to prevent data leakage of the document out of the organization based on new and existing data types. - View Dependent Claims (5, 6, 7, 8, 9)
-
-
10. A computer-implemented method of detecting and preventing leakage of sensitive documents out of a particular organization, comprising:
-
using a data leak prevention application to categorize documents by data type, a data type being a classification of a document containing data based on the size of the document and based on a type of data the document contains; categorizing the documents further based on a protocol of the document; for email documents, categorizing the email documents further in terms of sensitivity by checking a source and destination of the email documents, the sensitivity of the email documents reflecting an extent to which leakage of the email document of the organization would harm that particular organization; and a scripting language processing engine embedded in the data leak prevention application validating an accuracy of the data type, interaction of the scripting language processing engine with the data leak prevention application being configurable by a user; and using the data leak prevention application containing the embedded scripting language processing engine to perform an action to prevent data leakage of the document out of the organization. - View Dependent Claims (11, 12)
-
-
13. A computer-implemented method of detecting and preventing leakage of sensitive documents from a particular organization, comprising:
-
using a data leak prevention application to select a sensitivity category for a document based on a size of the document, a data type and a protocol of the document, the sensitivity category reflecting an extent to which leakage of the document out of the organization would harm that particular organization; checking a source and destination of the document if the protocol is for email; a user configuring interaction of a scripting language processing engine with the data leak prevention application to activate code portions of the scripting language processing engine at a run time event of the data leak prevention application, the scripting language processing engine embedded in the data leak prevention application and having access to data accessible to the data leak prevention application; using the scripting language processing engine to validate the data type of the document; re-selecting a sensitivity category for the document based on the validation; and using the data leak prevention application containing the embedded scripting language processing engine to perform an action to prevent data leakage of the document out of the organization based on the re-selection of the sensitivity category for the document. - View Dependent Claims (14, 15, 16, 17)
-
-
18. A data leak prevention system for an organization, comprising:
-
a processor; a data leak prevention (DLP) application executable by the processor; a scripting language processing engine embedded into the DLP application and forming part of the hard code thereof, an interaction of the scripting language processing engine with the data leak prevention application configurable by a user;
the scripting language processing engine including snippets that activate based on criteria configurable by a user at run time events of the data leak prevention application, the snippets also modifiable by a user, the scripting language processing engine configurable by a user to identify whether a document should be assigned a data type based on at least one of (i) a presence and (ii) a frequency of appearance, in the document of a valid identification number, the identification number identifying at least one of an individual customer, individual member, individual citizen or individual subscriber of the organization, the identification number'"'"'s presence or frequency in the document unrelated to any step performed by the data leak prevention application on the document; anddocuments of various data types stored by the user and categorized by the data leak prevention application as to sensitivity upon the scripting language processing engine validating existing data types or creating new data types, the sensitivity reflecting an extent to which leakage of the document out of the organization would harm the organization.
-
Specification